August 2019 Copyright © 2019 Dell Inc. or its subsidiaries. All rights reserved. 1
Release Notes
17.07.19
RSA BSAFE
®
Crypto-J 6.2.5 Release Notes
This document summarizes the features of RSA BSAFE Crypto-J 6.2.5 (Crypto-J). It
outlines the new features, platform information, and resolved and known issues.
For details of the Crypto-J End of Primary Support dates, see the Product Version Life
Cycle Web site at
https://community.rsa.com/docs/DOC-73366.
Contents:
New Features ................................................................................................... 2
Changes ............................................................................................................ 3
Related Products ............................................................................................. 4
FIPS 140-2 Operations ................................................................................... 5
Operating Environment Information .............................................................. 6
Interoperability ................................................................................................ 14
Implementation Information .......................................................................... 15
Supported Hardware Devices ...................................................................... 16
Algorithms and Key Sizes ............................................................................ 17
Enhancements and Resolved Issues ......................................................... 28
Known Issues ................................................................................................. 29
Documentation ............................................................................................... 30
Support and Service ...................................................................................... 31
2 New Features
RSA BSAFE Crypto-J 6.2.5 Release Notes
New Features
This release of Crypto-J is designed to provide the following new features:
• Updated Algorithm support:
– Implementations of SHA3-224, SHA3-256, SHA3-384, SHA3-512,
SHAKE128, SHAKE256 available using the JCE MessageDigest API.
– Implementation of HKDF available using the JCE API.
– Implementation of HMAC/SHA3-224, HMAC/SHA3-256,
HMAC/SHA3-384, HMAC/SHA3-512 and CMAC available using the JCE
MAC API.
– Implementation of ChaCha20, available using the JCE API.
– Implementation of Poly1305, available using the JCE API.
– Implementation of ChaCha20-Poly1305 AEAD cipher, available using the
JCE API.
• Crypto-J gives deprecation warnings during compilation. In previous releases,
deprecated Crypto-J classes and class members were only documented as being
deprecated.
Features added in release 6.2.4.0.1:
There are no new features in release 6.2.4.0.1.
Features added in release 6.2.4:
The new features added in release 6.2.4 include:
• Updated platform support.
For more information, see Operating Environment Information.
• Support for the Single-Step KDF algorithm.
For more information, see Key Derivation Algorithms.
• Support for the RSA-KEM-KWS algorithm.
For more information, see Asymmetric Encryption and Decryption Algorithms.
• Key Confirmation extended JCE API added for use in SP 800 56 A/B Key
Agreement and Key Transport schemes.
Changes 3
RSA BSAFE Crypto-J 6.2.5 Release Notes
Changes
This release of Crypto-J is designed to include the following changes:
• The default key size for key generation of asymmetric keys has been changed to
reflect the minimum key size recommended in FIPS 186-4. Where the
KeyPairGenerator has not previously been initialized with a key size, keys
will be generated with the new default key size. For:
• The names of the jar files have been changed to reflect the release. For example:
cryptoj-6.2.5.jar.
• Fixes for specific issues.
For more information, see Enhancements and Resolved Issues:
Changes added in release 6.2.4.0.1:
Changes added in release 6.2.4 include fixes for specific issues.
For more information, see Enhancements and Resolved Issues.
Changes added in release 6.2.4:
Changes added in release 6.2.4 include:
• All JSAFE APIs are deprecated. The APIs are available for use, and will be
removed at some future time.
• Fixes for specific issues.
For more information, see Enhancements and Resolved Issues.
Important: The National Institute for Standards and Technologies (NIST) has
published an Update to Current Use and Deprecation of TDEA, announcing
their intention to deprecate the 3-key variant of Triple-DES, and disallow it
for use in TLS and other protocols. NIST is developing a draft deprecation
timeline for the 3-key variant of TDEA including a sunset date, and
recommends migration to AES as soon as possible.
RSA recommends caution when using Triple-DES.
Algorithm
Default Key Size
Current Previous
RSA 2048 1024
DSA 2048 1024
DH 2048 1024
EC 224 192
4 Related Products
RSA BSAFE Crypto-J 6.2.5 Release Notes
Related Products
The following related products are incorporated in this release of Crypto-J:
• RSA BSAFE Crypto-C Micro Edition 4.1 (Crypto-C ME) to provide native
cryptography support.
• RSA BSAFE Micro Edition Suite 4.1 (MES) to provide FIPS 140-2 native
cryptography support.
• OpenLDAP - JLDAP (oct_ndk_2007) to provide LDAP support.
Use of other versions of these products might work, but support is not guaranteed.
FIPS 140-2 Operations 5
RSA BSAFE Crypto-J 6.2.5 Release Notes
FIPS 140-2 Operations
Federal Information Processing Standards Publication 140-2 - Security Requirements
for Cryptographic Modules (FIPS 140-2) details the United States Government
requirements for cryptographic modules. For more information about the FIPS 140-2
standard and validation program, see the FIPS 140-2 page on the NIST Web site at
https://csrc.nist.gov/projects/cryptographic-module-validation-
program/standards.
The FIPS 140-2 validated configurations of this release inherit their FIPS 140-2 status
from the RSA BSAFE Crypto-J JSAFE and JCE Software Module 6.2.5 (Crypto-J
JSAFE and JCE Software Module). For more information, see the RSA BSAFE
Crypto-J JSAFE and JCE Software Module Security Policy documents.
Note: FIPS 140-2 validation for the current release of the Crypto-J JSAFE
and JCE Software Module is in progress. When the validation process is
complete, the Security Policy documents might be updated and re-released, to
reflect the complete security requirements of FIPS 140-2 validation.
For the complete list of FIPS 140-2 tested and vendor affirmed operating
environments, and for detailed information about the Crypto-J JSAFE and JCE
Software Module and the secure operation of Crypto-J, see the RSA BSAFE Crypto-J
JSAFE and JCE Software Module Security Policy documents.
For details about the toolkit configuration and cryptographic implementation of
Crypto-J, see the “About the Crypto-J Toolkit” section of the RSA BSAFE Crypto-J
Installation Guide.
Note: As of February 2017, FIPS 140-2 module validations have a five year
life span from the date of the last validation. Unless modules are revalidated,
the validation expires and the module certificate is moved to the CMVP
Historical list.
Applications using modules from the CMVP Historical list are not
FIPS 140-2-compliant.
To confirm the validation state of a module, see the CMVP Validated Module page at
https://csrc.nist.gov/projects/cryptographic-module-validation-
program/validated-modules/search.
6 Operating Environment Information
RSA BSAFE Crypto-J 6.2.5 Release Notes
Operating Environment Information
Operating environment support for Crypto-J is separated into three categories:
• Primary Operating Environments: Crypto-J is designed and tested to support these
operating environments at the time of release.
For information about FIPS validation and testing, see FIPS 140-2 Operations.
• Secondary Operating Environments: these operating environments are not tested
with this release. These operating environments are expected to work, but support
is not guaranteed. If any issues are found, a specific request for investigation can
be made through RSA Customer Support.
• Tested JDK Update Versions: lists the tested JDK update versions for the
supported primary platforms and operating systems.
Primary Operating Environments
The following table lists the platforms and operating systems supported by Crypto-J at
the time of release, and details compiler information.
Table 1 Primary Operating Environment Information
Operating System
CPU
Architecture
CPU
Size
Compiler Version
Apple
®
Mac OS
®
X 10.11+
x86_64 64-bit Apple JDK 8.0
x86 32-bit
Canonical
®
Ubuntu
®
16.04 Server x86_64
64-bit
IBM
®
JDK 8.0
OpenJDK 8u
Oracle
®
JDK 8.0, 9.0.1
x86 32-bit IBM JDK 8.0
OpenJDK 8u
Oracle JDK 8.0
CentOS™ Project
CentOS 7.6 x86_64 64-bit IBM JDK 8.0
OpenJDK 8u
Oracle JDK 8.0, 9.0.1
CentOS 6.10 x86_64 64-bit IBM JDK 8.0
OpenJDK 8u
Oracle JDK 8.0, 9.0.1
Operating Environment Information 7
RSA BSAFE Crypto-J 6.2.5 Release Notes
FreeBSD
®
Foundation
FreeBSD 11.x x86_64 64-bit OpenJDK 8u
Google
®
Android™ 9.0
ARM
®
v8-A
64-bit Android SDK 28
Android 8.x ARM v8 64-bit Android SDK 26, 27
ARM v8 32-bit
ARM v7 32-bit
x86 32-bit
Android 7.x ARM v8 64-bit Android SDK 24. 25
ARM v8 32-bit
ARM v7 32-bit
x86 32-bit
IBM
AIX
®
7.2 PowerPC
®
64-bit IBM JDK 8.0
PowerPC 32-bit
Micro Focus
®
1
SUSE
®
Linux
®
Enterprise Server
12 SP4
x86_64 64-bit IBM JDK 8.0
OpenJDK 8u
Oracle JDK 8.0, 9.0.1
SUSE Linux Enterprise Server
12 SP3
x86_64 64-bit IBM JDK 8.0
OpenJDK 8u
Oracle JDK 8.0, 9.0.1
Microsoft
®
Windows
®
10 Enterprise
x86_64 64-bit IBM JDK 8.0
Oracle JDK 8.0, 9.0.1
Windows 8.1 Enterprise x86_64 64-bit IBM JDK 8.0
Oracle JDK 8.0, 9.0.1
Windows 7 Enterprise SP1 x86_64 64-bit IBM JDK. 8.0
Oracle JDK 8.0, 9.0.1
Table 1 Primary Operating Environment Information (continued)
Operating System
CPU
Architecture
CPU
Size
Compiler Version
8 Operating Environment Information
RSA BSAFE Crypto-J 6.2.5 Release Notes
Microsoft (continued)
Windows Server 2016 x86_64 64-bit IBM JDK 8.0
Oracle JDK 8.0, 9.0.1
Windows Server 2012 R2 x86_64 64-bit IBM JDK 8.0
Oracle JDK 8.0, 9.0.1
Windows Server 2012 x86_64 64-bit IBM JDK 8.0
Oracle JDK 8.0, 9.0.1
Windows Server 2008 SP2 x86_64 64-bit IBM JDK. 8.0
Oracle JDK 8.0
Windows Server 2008
(SSLF configuration)
x86_64 64-bit IBM JDK 8.0
Oracle JDK 8.0
Oracle
Solaris
®
11 SPARC
®
v9
64-bit IBM JDK 8.0
Oracle JDK 8.0, 9.0.1
x86_64 64-bit Oracle JDK8.0
Solaris 10 SPARC v9 64-bit IBM JDK 8.0
Oracle JDK 8.0
x86_64 64-bit Oracle JDK8.0
Red Hat
®
Enterprise Linux 7.6 x86_64 64-bit IBM JDK 8.0
OpenJDK 8u
Oracle JDK 8.0, 9.0.1
1
No Native support, due to lack of support in Crypto-C ME 4.1/MES 4.1.
Your RSA software contract might not grant you the right to develop
applications on all of the supported platforms listed. Contact your RSA sales
representative for information on the development platforms covered by your
contract.
Table 1 Primary Operating Environment Information (continued)
Operating System
CPU
Architecture
CPU
Size
Compiler Version
Operating Environment Information 9
RSA BSAFE Crypto-J 6.2.5 Release Notes
Secondary Operating Environments
The following table lists the secondary operating environments which are not tested
with this release, but can be requested through RSA Customer Support.
Table 2 Secondary Operating Environment Information
Operating System
CPU
Architecture
CPU
Size
JVM
Apple
Mac OS X 10.8+ x86_64 64-bit Apple JDK 7.0
x86 32-bit
Canonical
Ubuntu 16.04 Server x86_64 64-bit IBM JDK 7.0, 7.1
OpenJDK 7u
Oracle JDK 7.0
x86 32-bit IBM JDK 7.0, 7.1
OpenJDK 7u
Oracle JDK 7.0, 9.0
1
(EA)
CentOS Project
CentOS 7.6 x86_64 64-bit IBM JDK 7.0, 7.1
OpenJDK 7u
Oracle JDK 7.0
CentOS 6.9 x86_64 64-bit IBM JDK 7.0, 7.1
OpenJDK 7u
Oracle JDK 7.0
FreeBSD Foundation
FreeBSD 11.x x86_64 64-bit OpenJDK 7u
FreeBSD 10.3 x86_64 64-bit OpenJDK 7u
Google
Android 6.x ARM v8 64-bit Android SDK 23
ARM v8 32-bit
ARM v7 32-bit
x86 32-bit
Android 5.x
ARM
v7
32-bit Android SDK 21, 22
x86 32-bit
10 Operating Environment Information
RSA BSAFE Crypto-J 6.2.5 Release Notes
Google (continued)
Android 4.4.x
ARM
v7
32-bit Android SDK 19
x86 32-bit
HPE
HP-UX 11.31
Itanium
®
2
64-bit HP JDK 7.0, 8.0
32-bit
IBM
AIX 7.2 PowerPC 64-bit IBM JDK 7.0, 7.1
32-bit
AIX 7.1 PowerPC 64-bit IBM JDK 7.0, 7.1, 8.0
32-bit
AIX 6.1 PowerPC 64-bit IBM JDK 7.0, 8.0
32-bit
Micro Focus
2
SUSE Linux Enterprise Server
12 SP 4
x86_64 64-bit IBM JDK 7.0, 7.1
OpenJDK 7u
Oracle JDK 7.0
SUSE Linux Enterprise Server
12 SP 3
x86_64 64-bit IBM JDK 7.0, 7.1
OpenJDK 7u
Oracle JDK 7.0
SUSE Linux Enterprise Server
11 SP4
x86_64 64-bit IBM JDK 7.0, 7.1, 8.0
OpenJDK 7u, 8u
Oracle JDK 7.0, 8.0x86 32-bit
Microsoft
Windows 10 Enterprise x86 32-bit IBM JDK.7.0, 7.1, 8.0
Oracle JDK 7.0, 8.0
Windows 8.1 Enterprise x86_64 64-bit IBM JDK.7.0, 7.1
Oracle JDK 7.0
x86 32-bit IBM JDK.7.0, 7.1, 8.0
Oracle JDK 7.0, 8.0
Table 2 Secondary Operating Environment Information (continued)
Operating System
CPU
Architecture
CPU
Size
JVM
Operating Environment Information 11
RSA BSAFE Crypto-J 6.2.5 Release Notes
Microsoft (continued)
Windows 7 Enterprise SP1 x86_64 64-bit IBM JDK.7.0, 7.1
Oracle JDK 7.0
x86 32-bit IBM JDK.7.0, 7.1, 8.0
Oracle JDK 7.0, 8.0
Windows Server 2016 x86_64 64-bit IBM JDK.7.0, 7.1
Oracle JDK 7.0
Windows Server 2012 R2 x86_64 64-bit IBM JDK.7.0, 7.1
Oracle JDK 7.0
Windows Server 2012 x86_64 64-bit IBM JDK.7.0, 7.1
Oracle JDK 7.0, 9.0.1
Windows Server 2008 SP2 x86_64 64-bit IBM JDK.7.0, 7.1
Oracle JDK 7.0, 9.0.1
x86 32-bit IBM JDK.7.0, 7.1, 8.0
Oracle JDK 7.0, 8.0
Windows Server 2008
(SSLF configuration)
x86_64 64-bit IBM JDK.7.0, 7.1
Oracle JDK 7.0
x86 32-bit IBM JDK.7.0, 7.1
Oracle JDK 7.0, 9.0.1
Oracle
Solaris 11 SPARC v9 64-bit Oracle JDK 7.0
SPARC v8+ 32-bit Oracle JDK 7.0, 8.0, 9.0.1
x86_64 64-bit Oracle JDK 7.0
x86 32-bit Oracle JDK 7.0, 8.0, 9.0.1
Solaris 10 SPARC v9 64-bit Oracle JDK 7.0
SPARC v8+ 32-bit Oracle JDK 7.0, 8.0, 9.0.1
x86_64 64-bit Oracle JDK 7.0, 9.0.1
x86 32-bit Oracle JDK 7.0, 8.0, 9.0.1
Table 2 Secondary Operating Environment Information (continued)
Operating System
CPU
Architecture
CPU
Size
JVM
12 Operating Environment Information
RSA BSAFE Crypto-J 6.2.5 Release Notes
Tested JDK Update Versions
The following table lists the supported primary platforms and operating systems, with
the tested JDK update version.
Red Hat
Enterprise Linux 7.6 x86_64 64-bit IBM JDK 7.0, 7.1
OpenJDK 7u
Oracle JDK 7.0
Enterprise Linux 6.9 x86_64 64-bit IBM JDK 7.0, 7.1, 8.0
OpenJDK 7u, 8.u
Oracle JDK 7.0, 8.0x86 32-bit
1
Early Adopter
2
No Native support, due to lack of support in Crypto-C ME 4.1/MES 4.1.
Table 3 Tested JDK Update Versions
Operating System CPU Compiler Version
Apple
Mac OS X 10.11+
All
Apple JDK 8.0 1.8.0_121.
Canonical Ubuntu
16.04 Server
64-bit IBM JDK 1.8.0_201
OpenJDK 1.8.0_191
Oracle JDK 1.8.0_74
32-bit IBM JDK 1.8.0_201
OpenJDK 1.8.0_121
Oracle JDK 1.8.0_74
CentOS Project CentOS
64-bit IBM JDK 1.8.0_201
OpenJDK 1.8.0_191
Oracle JDK 1.8.0_74
FreeBSD Foundation
FreeBSD
64-bit OpenJDK 1.8.0_181
IBM AIX
All IBM JDK 8.0 R28_20170314_2309_B340265
Micro Focus
SUSE Linux Enterprise
Server 12
64-bit OpenJDK 1.8.0_121
Oracle JDK 1.8.0_201
Microsoft Windows
64-bit IBM JDK 1.8.0 R28_Java8_SR3_20160719_1144_B312156
Oracle JDK1.8.0_201-b09
Table 2 Secondary Operating Environment Information (continued)
Operating System
CPU
Architecture
CPU
Size
JVM
Operating Environment Information 13
RSA BSAFE Crypto-J 6.2.5 Release Notes
Discontinued Environments
In this release of Crypto-J, RSA discontinues support for the following:
• Apple Mac OSX 10.7 32-bit and 64-bit
• Apple Mac OSX 10.6 32-bit and 64-bit
• Canonical Ubuntu 14.04 Server 32-bit and 64-bit
• Oracle JRockit 6.0.
In the next release of Crypto-J, RSA will discontinue support for Oracle JDK 9.
In the next release of Crypto-J, RSA might discontinue support for any of the
Secondary Operating Environments.
For subsequent releases of Crypto-J going forward, where a vendor discontinues
mainstream support for an operating system and platform combination, RSA
discontinues support from the same date.
Oracle Solaris
SPARC v9
64-bit
Oracle JDK 1.8.0_201-b09
x86_64
64-bit
Oracle JDK 1.8.0_65
Red Hat Enterprise
Linux 7
64-bit IBM JDK 1.8.0_201
OpenJDK 1.8.0_1311
Oracle JDK 1.8.0_201-b09
Table 3 Tested JDK Update Versions (continued)
Operating System CPU Compiler Version
14 Interoperability
RSA BSAFE Crypto-J 6.2.5 Release Notes
Interoperability
Application Server Interoperability
Crypto-J operates on the application servers on the platforms and in the scenarios
shown below, and has been tested under the following conditions:
• JCE dynamic loading
• JCE static loading
• JCE FIPS 140 dynamic loading
• JCE FIPS 140 static loading.
• Crypto-J provider registered statically and called explicitly while being bundled
with the application.
• Native support for cryptographic operations.
The following table lists the platform information for tested Application Servers.
Table 4 Application Server Interoperability
Platforms Application Server
Microsoft Windows Server 2012 R2, x86_64
Oracle Solaris 11, SPARC V8+
Red Hat Enterprise Linux 7.3, x86_64
IBM WebSphere
®
Application Server
7.0, 8.0 and 8.5
Oracle WebLogic Server 11gR1, 12c, 12cR2
Red Hat JBoss
®
EAP 6.x, 7.x
Red Hat JBoss WildFly
®
AS 8.2, 9.0.x, 10.1
Microsoft Windows Server 2012 R2, x86_64
Red Hat Enterprise Linux AS 7.3, x86_64
Apache™ Tomcat™ 7.0.x and 8.5
Implementation Information 15
RSA BSAFE Crypto-J 6.2.5 Release Notes
JSSE Interoperability
Crypto-J operates and has been tested with the JSSE providers on the platforms shown
below:
Java Web Start Interoperability
Crypto-J operates and has been tested with the Java Web Start on the platforms shown
below:
Implementation Information
The following Crypto-J jar files run on environments with JDK 7.0 and higher:
• jcm-6.2.5.jar
• jcmFIPS-6.2.5.jar
• cryptojcommon-6.2 .5.jar
The JCE provider is tested with the built-in JCE versions provided with JDK 7.0.
Table 5 JSSE Interoperability
Operating
System
CPU
JSSE
Provider
JDK Version
Microsoft
Windows Server
2012 R2
64-bit IBM 1.7.0 R27_Java727_SR3_20150407_1831_B243189
1.8.0 R28_Java8_SR3_20160719_1144_B312156
Oracle 1.7.0_80-b15
1.8.0_201-b09
Oracle Solaris 11.4 SPARC 9
64-bit
Oracle 1.8.0_201-b09
Red Hat Enterprise
Linux 7.6
64-bit
IBM
1
1
The IBMJCE provider must be registered in addition to JsafeJCE.
1.7.0 Linux amd64-64 Compressed References
20190125_408276
1.8.0_201
Oracle 1.7.0_80-b15
1.8.0_201-b09
Table 6 Application Server Interoperability
Platforms Supported JDK
Microsoft Windows Server 2012 R2, x86_64 Oracle JDK 7.0 and 8.0
Oracle Solaris 11, SPARC 9 Oracle JDK 7.0
Red Hat Enterprise Linux 7.6, x86_64 Oracle JDK 7.0 and 8.0
16 Supported Hardware Devices
RSA BSAFE Crypto-J 6.2.5 Release Notes
Supported Hardware Devices
The following table lists the PKCS #11 hardware device and features tested and
supported in this release of Crypto-J when using Oracle JDK 7.0 on a physical host
machine. No virtual environments are supported. JDKs, devices, and operations other
than that listed might work, but support is not guaranteed.
The supported device is subject to change in subsequent releases of Crypto-J.
Discontinued Hardware Devices
Where a vendor discontinues support for a hardware device, RSA discontinues
support from the same date.
Table 7 Supported Hardware Devices
Vendor and
Product
Features Operating System
RSA SecurID 800
USB token
Key Management:
• AES and RSA key generation
• Import and export symmetric keys
• Export RSA public key from token
Cryptographic Operations:
• AES encrypt and decrypt
• RSA sign and decrypt
• SHA-1 and SHA-256 message digests.
Certificate Store:
• Import and export certificates:
– RSA, DSA and EC certificates.
Microsoft Windows
Server 2008 SP2 64-bit
Algorithms and Key Sizes 17
RSA BSAFE Crypto-J 6.2.5 Release Notes
Algorithms and Key Sizes
The following algorithms and named curves are supported:
• Elliptic Curve Supported Named Curves
• Symmetric Encryption and Decryption Algorithms
• Asymmetric Encryption and Decryption Algorithms
• Digital Signature Schemes Algorithms
• Random Number Generation Algorithms
• Message Authentication Codes Algorithms
• Message Digest Algorithms
• Key Generation Algorithms
• Key Agreement Algorithms
• Key Derivation Algorithms
• Key Wrap Encryption and Decryption Algorithms
• Secret Sharing Algorithms
• Parameter Generation Algorithms.
18 Algorithms and Key Sizes
RSA BSAFE Crypto-J 6.2.5 Release Notes
Elliptic Curve Supported Named Curves
The following table lists the Named Elliptic Curves supported in this release.
Table 8 Elliptic Curve Supported Named Curves
Elliptic Curve Type
Equivalent Symmetric
Cipher Strength (bits)
Native
Support
PKCS #11
Koblitz Curve K-163 80 Yes No
Binary Curve B-163 80 Yes No
Prime Curve P-192 96 Yes No
Prime Curve P-224 112 Yes No
Koblitz Curve K-233 112 Yes No
Binary Curve B-233 112 Yes No
Prime Curve P-256 128 Yes Yes
Koblitz Curve K-283 128 Yes No
Binary Curve B-283 128 Yes No
Prime Curve P-384 192 Yes Yes
Koblitz Curve K-409 192 Yes No
Binary Curve B-409 192 Yes No
Prime Curve P-521 256 Yes No
Koblitz Curve K-571 256 Yes No
Binary Curve B-571 256 Yes No
Algorithms and Key Sizes 19
RSA BSAFE Crypto-J 6.2.5 Release Notes
Symmetric Encryption and Decryption Algorithms
The following table lists the supported symmetric encryption and decryption
algorithms in this release of Crypto-J.
Table 9 Symmetric Encryption and Decryption Algorithms
Algorithm Mode/Description
Key Bits
(or Equivalent)
Native
Support
PKCS #11
RC2 BPS, CBC, CFB
ECB, OFB
1- 1024 Yes No
RC4 N/A 8 - 2048 Yes No
RC5 BPS, CBC, CFB
ECB, OFB
0 - 2040 No No
AES BPS
CBC
CBC-CS1
CBC-CS2
CBC-CS3
CCM
CFB
CTR
ECB
GCM
128, 192, 256
No
Yes
No
No
Yes
Yes
Yes
Yes
Yes
Yes
No
Yes
No
No
No
No
No
No
Yes
No
XTS 256, 512 Yes No
ChaCha20 N/A 256 No No
ChaCha20
-Poly1305
N/A
256 No No
DES BPS, CBC, CFB
ECB, OFB
56 Yes No
Triple-DES BPS, CBC, CFB
ECB, OFB
112, 168 Yes No
Password-
Based
Encryption
PKCS5PBE-i-k
1
PKCS5V2PBE-i-k
PKCS12PBE-i-k
PKCS12V1PBE-i-k
1
Where i is the iteration count and k is the key size.
Depends on mode
selected.
No
Yes
No
No
No
No
No
No
20 Algorithms and Key Sizes
RSA BSAFE Crypto-J 6.2.5 Release Notes
Asymmetric Encryption and Decryption Algorithms
The following table lists the supported asymmetric encryption and decryption
algorithms supported in this release.
Table 10 Asymmetric Encryption and Decryption Algorithms
Algorithm Mode/Description
Key Bits
(or Equivalent)
Native
Support
PKCS #11
1
1
See Supported Hardware Devices of these Release Notes for specific details.
RSA RSA (2 primes) 256 - 4096 Yes Yes
Valid Padding Modes for the above are:
• OAEP
2
• PKCS #1 Block02 Padding
• No Padding (Raw RSA)
2
Optimal Asymmetric Encryption Padding
Yes
Yes
Yes
No
No
Yes
ECIES KDF2 XOR
AES
Triple-DES
Depends on curve
selected.
Yes No
RSA-KEM-KWS Key-Wrap Ciphers:
• AES-CCM
• AES-KW
• AES-KWP
KDFs:
• Single-Step KDF with
– SHA224
– SHA256
– SHA384
– SHA512
– SHA512-224
– SHA512-256
1024-4096 No No
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
/
